EYO PRIVACY STATEMENT – MEMBERS AND PARENTS

This Privacy statement has been designed in line with General Data Protection Regulations (GDPR)

Your member data – what we need and why

We need some of your details, for example your contact details, so that we can let you know about things like rehearsal and concert arrangements, subscription payments, social events and musical opportunities; and other details so that we can comply with safeguarding regulations, for example your age, date of birth, school and relevant medical information. We also need contact details for at least one parent so that we can copy all communications to them and contact them in the event of any emergency.

What data do we collect from members?

We collect some of the following types of data from members (we don’t collect all of this data on all members – we only collect it if it’s needed):

PLAYERS

Name

Email address

Postal address

Phone number

Age/DOB

Gender

School and school year

Emergency contact details

Relevant medical information

PARENTS

Name

Email address

Postal address

Phone number

Gift Aid declarations

We check what data we have on members every two years and remove it if we no longer need it. If you leave EYO, we’ll make sure we stop using and/or delete any data we don’t need to keep (e.g. for financial reporting).

What do we use it for?

Any of the information listed above might be needed to manage your membership with EYO and to organise and run our activities. We may also share information about other opportunities, eg EYO Tour and related musical activities. We won’t ever use this data for anything else unless you give us your active consent for that additional use.

Do we share your data with anyone else?

We will never give your data to third parties for that third party to use. Where data is stored and processed using third party services (e.g. Teamr database and Google Drive) we will always make sure that they are reputable and secure, and that your data is kept safe. We will also verify that whenever international data transfers are involved with any third party, these will be compliant with the GDPR requirement.

If another member of EYO asks for your contact details we will only ever share them if you consent.

What can you ask us to do?

Under the GDPR, you have the following rights over your data and its use:

The right to be informed about what data we are collecting on you and how we will use it

The right of access – you can ask to see the data we hold on you

The right to rectification – you can ask that we update or correct your data

The right to object – you can ask that we stop using your data for a particular purpose

The right to erasure – you can ask us to delete the data we hold on you if you no longer wish to be a member of EYO.

The right to restrict processing – you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated

Though unlikely to apply to the data we hold and process on you, you also have rights related to portability and automated decision making (including profiling)

All requests related to your rights should be made to the Privacy Officer at chair@eyo.org.uk. We will respond within one month.

I’ve got a question – who should I speak to?

Please contact the Chair of EYO, Christopher Brown, at chair@eyo.org.uk